Release Notes for Undertow
Includes versions: 2.3.22.Final
Bug
- [ UNDERTOW-2656 ] CVE-2025-12543 Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
- [ UNDERTOW-2676 ] Do not set merged query parameters for includes and forwards on the exchange, only the request
- [ UNDERTOW-2681 ] TCCL when invoking annotated websocket endpoint methods doesn't expose deployment classes
Enhancement
- [ UNDERTOW-2632 ] Make UnavailableServletTestCase.testTempUnavailableServlet idempotent